hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-01 16:56:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,087 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.3
Commit Graph

19087 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
CodeQL CI
36450a8998 Merge pull request #4338 from erik-krogh/nodejs-server-request-data 
Approved by asgerf
 2020-10-01 06:00:17 -07:00
Erik Krogh Kristensen
d54a057457 Merge pull request #4377 from erik-krogh/babelCrash 
JS: prevent crash when TemplateLiteral is used in import
 2020-10-01 14:58:45 +02:00
Chris Smowton
578ea1ae43 Fix OWASP broken links 2020-10-01 13:09:52 +01:00
Erik Krogh Kristensen
18f7f2b559 autoformat 2020-10-01 13:49:31 +02:00
Erik Krogh Kristensen
4dec2171da add http request server data as a RemoteFlowSource 2020-10-01 13:21:56 +02:00
Rasmus Wriedt Larsen
3247b300ae Python: Fix problem with missing use-use flow 2020-10-01 12:55:11 +02:00
Rasmus Wriedt Larsen
9b3509f0ba Python: Highlight problem with missing use-use flow 2020-10-01 12:51:44 +02:00
Rasmus Lerchedahl Petersen
2187389da1 Python: Show constructor keyword arg problem 
Also make tests runnable
 2020-10-01 12:48:38 +02:00
CodeQL CI
0158e2ffef Merge pull request #4374 from max-schaefer/js/api-graph 
Approved by erik-krogh
 2020-10-01 03:33:45 -07:00
Rasmus Lerchedahl Petersen
db23dad6ec Python: Allow callables to connect to calls freely 2020-10-01 12:33:42 +02:00
Max Schaefer
7f075202c6 Merge pull request #4367 from erik-krogh/sql-api 
JS: Fixing an API-graph gotcha in `SQL.qll`
 2020-10-01 11:33:01 +01:00
Geoffrey White
084e6f6d9b C++: Add change note. 2020-10-01 11:04:40 +01:00
Geoffrey White
fb9a3b323d C++: Modernize MemcpyFunction. 2020-10-01 10:53:18 +01:00
Geoffrey White
ce9abe071d C++: Remove taint flow from size parameter. 2020-10-01 10:51:01 +01:00
Geoffrey White
ed5c3b321f C++: Repair callDereferences for failing test. 2020-10-01 10:38:12 +01:00
Erik Krogh Kristensen
fbd62abd64 prevent crash when TemplateLiteral is used in import 2020-10-01 11:26:49 +02:00
Erik Krogh Kristensen
75b9237b81 use Parameter instead of SimpleParameter in the AngularJS model 2020-10-01 10:44:10 +02:00
Erik Krogh Kristensen
c675d72629 use Parameter instead of SimpleParameter in remaining route-handler models 2020-10-01 10:44:10 +02:00
Erik Krogh Kristensen
f65ba11485 use Parameter instead of SimpleParameter in AMD.qll 2020-10-01 10:44:05 +02:00
Geoffrey White
ff78f50a03 Merge branch 'main' into callderef 2020-10-01 09:40:36 +01:00
Rasmus Lerchedahl Petersen
b092df48a5 Python: Location and toString for KwUnpacked 2020-10-01 10:15:19 +02:00
Aditya Sharad
e712d16e7e JavaScript: Track taint through RegExp.prototype.exec for URL redirection 
Regexp literals are currently handled, but not `RegExp` objects.
 2020-09-30 15:13:02 -07:00
Rasmus Lerchedahl Petersen
29a162bc9c Python: Proper flow **arg -> **param 2020-09-30 23:55:02 +02:00
Geoffrey White
cafd320953 C++: Add set/map constructor models. 2020-09-30 17:41:06 +01:00
Geoffrey White
6520f9d0fb C++: Add basic std::set models. 2020-09-30 17:23:56 +01:00
Geoffrey White
5bc7d3a9b2 C++: Add tests for std::set and std::unordered_set. 2020-09-30 17:23:56 +01:00
Rasmus Wriedt Larsen
428c2a3fda Merge branch 'main' into python-command-execution-modeling 2020-09-30 17:38:59 +02:00
Matthew Gretton-Dann
e0ca4dafb8 Add support for Variable.is_constinit() 2020-09-30 16:31:45 +01:00
Rasmus Wriedt Larsen
c4a2e1d6d1 Python: Rewrite attribute lookup helpers for better performance 
Not that they actually had a huge problem right now, just that using the old
pattern HAS lead to bad performance in the past. See
https://github.com/github/codeql/pull/4361
 2020-09-30 17:31:20 +02:00
Geoffrey White
952cc89c2a C++: Improve make_pair in stl.h (using remove_reference). 2020-09-30 16:17:06 +01:00
Geoffrey White
7ecd229ce7 C++: Improve make_pair in stl.h (jbj solution). 2020-09-30 16:16:53 +01:00
Geoffrey White
282d3e8f7e Merge pull request #4322 from jbj/range-analysis-custom-defs 
C++: Support custom defs in SimpleRangeAnalysis
 2020-09-30 15:43:32 +01:00
Taus
32bf7d6bdf Merge pull request #4256 from fatenhealy/Noblowfish 
CWE-327 BrokenCryptoAlgorithm recommendation to AES instead of Blowfish
 2020-09-30 16:15:46 +02:00
Rasmus Lerchedahl Petersen
b0ed7af897 Python: Approximate **arg -> **param 2020-09-30 15:54:12 +02:00
Rasmus Lerchedahl Petersen
4ae422ce16 Python: Add test for extraneous overflow arguments 2020-09-30 15:28:29 +02:00
Erik Krogh Kristensen
bfb653a34a rename getAReference to getAnImmediateUse 2020-09-30 15:15:49 +02:00
Erik Krogh Kristensen
eb973b39fe Update javascript/ql/src/semmle/javascript/frameworks/SQL.qll 
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
 2020-09-30 15:12:17 +02:00
Arthur Baars
cf6036f9b4 Java: fix some android database sinks 2020-09-30 14:42:19 +02:00
Rasmus Wriedt Larsen
f501003879 Design Patterns: Recommend this = range for ::Range pattern 2020-09-30 14:28:08 +02:00
Faten Healy
03d8fc7296 changed to AES 2020-09-30 22:18:36 +10:00
Jonas Jensen
3af3d87ecd C++: Change note for several range-analysis PRs 2020-09-30 13:52:23 +02:00
Erik Krogh Kristensen
d316cb512e deprecate exports and replace uses with the new getAnExportedValue 2020-09-30 13:46:28 +02:00
Rasmus Wriedt Larsen
4adc26eb62 Python: Fix command injection example code 
`subprocess.Popen(["ls", "-la"], shell=True)` correspond to running `sh -c "ls" -la`

So it doesn't follow the pattern of the rest of the test file.
 2020-09-30 13:38:37 +02:00
Taus
d694777894 Merge pull request #4369 from RasmusWL/python-ospathjoin-taintstep 
Python: Add taint-step for os.path.join
 2020-09-30 13:35:16 +02:00
Erik Krogh Kristensen
b24e959033 add getAnInvocation to the ApiGraphs API 2020-09-30 13:33:36 +02:00
Rasmus Wriedt Larsen
9c1253c8af Python: Remove flow out of CommandInjection sinks 2020-09-30 13:29:40 +02:00
Erik Krogh Kristensen
b720bfdd11 Apply suggestions from code review 
Co-authored-by: Asger F <asgerf@github.com>
 2020-09-30 13:26:51 +02:00
Rasmus Lerchedahl Petersen
00966bba0d Python: update test expectations 2020-09-30 13:11:23 +02:00
Rasmus Wriedt Larsen
a2d12f0440 Python: Update CommandInjection.expected 2020-09-30 13:00:10 +02:00
Jonas Jensen
b1c826e5c0 Merge pull request #4135 from rdmarsh2/rdmarsh2/cpp/output-iterators-1 
C++: Output iterators in AST taint tracking
 2020-09-30 12:54:55 +02:00